Archive 8 min read

Making A Break To Start Your Cybersecurity Career

How can you create a break for yourself to get started on a cybersecurity career path? A few thoughts...

Making A Break To Start Your Cybersecurity Career

Watch this episode on YouTube.

Reasonably Accurate 馃馃 Transcript

Today, we talked about getting started in cybersecurity and sort of the principles of the attributes that you need in order to. Of course, now it's beeping all the time. Um The, uh, let me restart that because I get distracted.

Social media is a distraction. It's a topic for next week. So yesterday, we talked about the principles you need are sort of the attributes you need to get started in or to have a successful career in cybersecurity. So I was talking about the um ability to learn quickly, the desire to continuously learn and sort of that puzzling tenacious mindset to crack a problem.

And I got some great feedback. Thank you for watching. Hopefully, you're tuned in today because today I want to talk about something that's come up multiple times. And that's sort of how do you get over the hump?

How do you get a crack in the door? How do you get your first opportunity in cybersecurity? Now, again, my opinion, my experience, I have had a very different experience than most people because I've been doing this for a very long time.

And when I got started, none of the stuff that exists today was really out there or popular cybersec was not a board level topic. Um, you could not go out and get a graduate degree in cybersecurity. There was not a plethora of certifications to get started.

So my experience is very different than what you will have today starting out. However, I believe some of what I've seen in the industry over the years is still relevant and this might be of use to you.

So, fingers crossed again, my opinion, my take. So, um, the challenge that a few people highlighted was ok. I've got that mindset. I'm lo I'm willing to learn, I want to get involved. But all of the certifications, um, in the industry require a certain amount of experience or are expensive.

How do I really get started? So, let's cover that again real quick around certifications. They're important. They're valuable. They provide some, um, standardized or recognition of the expertise that you've built up, but they're not the end all and be all.

So they do not necessarily indicate that you're a competent security professional for one thing or that you don't have them doesn't mean that you are incompetent. And the challenge here that somebody rightfully highlighted on youtube yesterday, was that, how do you get past hr how do you get, you know, if it says I need Ach or a G or AC ISSP?

How do I get in the door if I do not have these certificates? Um, and that's a really good question. And unfortunately, given the number of um hr departments that do the filtering that ends up being a real problem because uh I couldn't tell you what a good cybersecurity professionals resume looks like I can tell you how to match a resume to a job request, but I can't tell you whether that's a valid um and accurate description of the cybersecurity professional.

So, here's my advice to you. Um Get out and start networking. Now, I know everybody goes, oh my God. Networking. What a horrible, horrible term. Nobody wants to network networking is just meeting people. It's meeting people.

It's putting yourself out there, but it's, you know, at a conference saying hi, I'm Mark. Nice to meet you. Um What a cool talk. Did you see Joe's talk? It was amazing. You know, did you see Anna's talk?

It was phenomenal. Best description of Bitcoin I've ever heard. I'll link to that below. Uh was at Atlantic security conference uh a couple of weeks ago. Amazing job as always. Um So you need to meet people because those people will help you get past those artificial barriers, those hr barriers.

Now, the advantage we have working for us here is that cybersecurity is, skills are in such high demand that it's not like hr is getting 10,000 resumes that they need to filter through automatically. There is a gap in the skills that are out there and the people that are out there.

So you need to be able to prove that you've got the skills certifications are one way to prove that it's a quick way for people to recognize. Oh, you've got that cert, you probably have these skills but realistically really about who, you know, and sort of spying these opportunities because a lot of the time the cybersecurity jobs aren't even necessarily getting posted because it's just such a waste of time because nobody's going to end up applying.

You need to find somebody and convince them to come over. That being said, still scour all the job boards to look for these opportunities. So here's how you can start networking, um social media, you're on it right now.

Hit me up, marknca. Say hi, linkedin. Hit me up on linkedin as well. If you go to, that's my website. You'll see my linkedin, click to my linkedin profile, send me a connection request or start following me, start looking at who I'm following.

I follow a lot of folks in cybersecurity and sort of roots and repeat that a lot of info people, cybersecurity, people are on Twitter are on linkedin are actively engaging with the community. So on linkedin, there's a lot of great groups on Twitter and if you follow cybersecurity security or infosec as a hashtag you're going to meet a lot of these folks or see a lot of these folks interacting.

Um And then you need to get out in person. Now, I know budget and travel can be a challenge. Um But the good news is that there's been a worldwide series of events for the last few years called Bides.

Bides has a long and cool history. Um Jack Daniels and the team set it up years and years ago and it's taken off since then. These are free events, um or the vast majority are free. Um, local community driven.

Lots of great talks, but lots of great networking. There's no sponsor, uh, talk stuff allowed. Um, the sponsors that normally show up are there to recruit, um, which is a great opportunity to meet them, uh, to introduce yourself to get over that hump.

So, and another great networking opportunity with the community as well, you really just need to get yourself out there to get over that hump. And I know that's sort of placating. It's like, ah, it's easy, put yourself out there.

It's gonna be hard. It's gonna take a while. Um, you know, but that's how with, if you don't have the sort of on paper pedigree that shows like, hey, I've got AC ISSP, I've got a bachelor or a master's in this and I've got this and I've got this and look at all these great security things that I've got and a little jazz hands there for you.

Um, if you don't have that, this is the alternative route is you need to build up the networks, you need to build up the reputation to show that you can do the job. Right. And I think that's a reasonable and pragmatic way to take it.

It's going to take a little while longer. Um, but that is a good way to sort of prove your chops. A lot of companies are desperate for talent if you go back to those core principles and can show some basic knowledge, some stuff that you've picked up some stuff that you've learned rapidly.

Um Then uh companies in my experience are willing to invest to build the talent because the talent is not out there. It's not like other areas where there's a plethora of programmers in um you know, a specific technology and go wow, this person, if this candidate doesn't work out, I got 1000 more candidates who are up to speed and react so I can hire somebody else.

Cybersecurity. We are in control right now because there is such a gap. Um You just need to get over that hump and I get it and this is not an end, all be all solution, but at least it's something get out their network, be social, start online and move into the real world.

Go to as many events as you can um you know, start shaking hands, meeting people, put yourself out there a bit. Do some videos demonstrate, you know, your knowledge, a great way to do that is share your initial learning experiences.

I know a lot of people go, oh, I'm not an expert. I can't blog in it. You know, what being a beginner and explaining your thought process is probably more value than an expert blogging on the topic.

And I'll give you a fantastic example and I hope it's on youtube. If it isn't yet, it will be uh Oh, no, sorry. It's not on youtube. I know that for sure. But let me give you a real example and I'll send you the link of the blog posts.

Um A friend of mine, Matt Middleton in Atlantic, Canada did a talk at Atlantic Security conference on his learning experience around cybersecurity. Traditionally, he's a software tester and he's moving more and more into the cybersecurity world, which is great, great perspective and great person.

He's been learning going to these events networking for years. Um He gave his uh first talk at the Atlantic security conference. It went well, great job, Manny. Um But his talk was basically as a beginner. Here's the challenges I've had.

Here's the cool things I learned. Here's the crappy things that I signed up for. Here's the money I wasted. Here's the money that was of value, that was a hugely informative talk. Um Your experiences as a beginner are important to other people who are further behind than you are on the path, right?

Everybody's on this path. Some people are leading, some people are just starting no matter where you are, there's almost always people ahead of you and people behind you, you can always teach the people behind you and you can always learn from the people ahead of you.

Um Put yourself out there. That's how you can start to get into cybersecurity. I hope that helps a lot more to come on this topic. Um In the next couple of weeks, please stay tuned. I hope you are set up for a fantastic Friday.

Hit me up online, marknca start that dialogue. Um Tell me what you think about that. Is this a good way? Has this worked out for you? Um You know, is, are you still struggling to kind of meet people within the community?

Uh Let me know, have a great weekend and I will talk to you next week. Um I am traveling on Monday morning, so no Mornings with Mark on Monday morning. Um But I'm hoping to do with the rest of the week even though I'm uh an internal trend micro event um in Miami.

Um But uh hopefully you'll still see me uh doing Mornings with Mark. If not, I'll be active on Twitter all week for sure. Uh We'll talk to you soon. Have a great weekend.

Read next